Skip to content

Instantly share code, notes, and snippets.

@idcrook

idcrook/jenkins_ci_on_OS _X_El_Capitan.md

Last active August 29, 2015 14:27
Show Gist options
  • Save idcrook/7f40fddccf4572cd2d09 to your computer and use it in GitHub Desktop.
Save idcrook/7f40fddccf4572cd2d09 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
jenkins_ci_on_OS _X_El_Capitan.md 
brew install java
brew install jenkins
brew pin jenkins

Create a hidden user for daemon

sudo mkdir /var/jenkins
sudo /usr/sbin/dseditgroup -o create -r 'Jenkins CI Group' -i 600 _jenkins
sudo dscl . -append /Groups/_jenkins passwd "*"
sudo dscl . -create /Users/_jenkins
sudo dscl . -append /Users/_jenkins RecordName jenkins
sudo dscl . -append /Users/_jenkins RealName "Jenkins CI Server"
sudo dscl . -append /Users/_jenkins uid 600
sudo dscl . -append /Users/_jenkins gid 600
sudo dscl . -append /Users/_jenkins shell /usr/bin/false
sudo dscl . -append /Users/_jenkins home /var/jenkins
sudo dscl . -append /Users/_jenkins passwd "*"
sudo dscl . -append /Groups/_jenkins GroupMembership _jenkins
sudo chown -R jenkins /var/jenkins

Make a new .plist for launchctl ~/Library/LaunchAgents/manual.homebrew.mxcl.jenkins.plist

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
  <dict>
    <key>Label</key>
    <string>Jenkins</string>
    <key>ProgramArguments</key>
    <array>
      <string>/usr/bin/java</string>
      <string>-jar</string>
      <string>/usr/local/opt/jenkins/libexec/jenkins.war</string>
      <string>--httpListenAddress=127.0.0.1</string>
      <string>--httpPort=8080</string>
      <string>--prefix=/jenkins</string>
    </array>
    <key>OnDemand</key>
    <false/>
    <key>RunAtLoad</key>
    <true/>
    <key>UserName</key>
    <string>jenkins</string>
  </dict>
</plist>

Install as a system launchd

sudo cp ~/Library/LaunchAgents/manual.homebrew.mxcl.jenkins.plist  /Library/LaunchDaemons/org.jenkins-ci.plist
sudo launchctl load -w /Library/LaunchDaemons/org.jenkins-ci.plist

Create an SSH client key

sudo -u jenkins ssh-keygen

Once you can access your Jenkins console, goto Manage Jenkins -> Manage Plugins from the home screen.

In the Updates tab, check all and click download and install after restart. Once downloads are finished , check Restart Jenkins when installation is complete and no jobs are running.

Open the Available tab and find the plugin entitled:

  • Git Plugin
  • Github plugin
  • Rake plugin
  • RVM plugin
  • Green balls Download and restart Jenkins.
sudo -u jenkins git config --file /var/jenkins/.gitconfig  user.email  "cloud+jenkins@example.com"
sudo -u jenkins git config --file /var/jenkins/.gitconfig  user.name "jenkins"

<< copy key to github >>

sudo -u jenkins ssh -i /var/jenkins/.ssh/id_rsa -T git@github.com

Once configured, you should also set the URL used by the Jenkins UI at Jenkins > Manage Jenkins > Jenkins Location > Jenkins URL to something like:  "https://domain.tld/jenkins/. 

Configure security

Create users Navigate to Manage Jenkins and select Configure Global Security. On this screen, check Enable Security, then under Security Realm select Jenkins' own user database. Ensure that Allow users to sign up is unchecked. Click Save. You will be prompted to register, add an admin user. Once done, you'll be automatically logged in as admin. Go back to Manage Jenkins, you will now see an additional Manage Users menu. Navigate in there, and create a localmonitor user.

Add permissions Navigate to Manage Jenkins and select Configure Global Security. On this screen, check Project-based Matrix Authorization Strategy under Authorization. From there, add admin and localmonitor users, checking all permissions for admin and onlyOverall Read and JOB read forlocalmonitor. Save the changes.

brew tap homebrew/nginx
brew install nginx --devel --with-spdy --with-gunzip
ln -sfv /usr/local/opt/nginx/*.plist ~/Library/LaunchAgents
cp ~/Library/LaunchAgents/homebrew.mxcl.nginx.plist ~/Library/LaunchAgents/manual.homebrew.mxcl.nginx.plist

Edit to change default port and put in manual.homebrew.mxcl.nginx.plist

sudo cp ~/Library/LaunchAgents/manual.homebrew.mxcl.nginx.plist /Library/LaunchDaemons/org.nginx.plist

mkdir /usr/local/etc/nginx/ssl
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /usr/local/etc/nginx/ssl/server.key -out /usr/local/etc/nginx/ssl/server.crt

mv /usr/local/etc/nginx/nginx.conf /usr/local/etc/nginx/nginx.conf.original
vim /usr/local/etc/nginx/nginx.conf

Paste into

worker_processes 4;

events {
    worker_connections 768;
}

http {
    upstream jenkins {
      server 127.0.0.1:8080 fail_timeout=0;
    }

    server {
      listen 4443;
      server_name jenkins;

      ssl on;
      ssl_certificate /usr/local/etc/nginx/ssl/server.crt;
      ssl_certificate_key /usr/local/etc/nginx/ssl/server.key;

      location / {
        proxy_set_header        Host $host;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;
        proxy_redirect http:// https://;
        proxy_pass              http://jenkins;
      }
    }
}

Start the Daemon

sudo launchctl load -w /Library/LaunchDaemons/org.nginx.plist

(or reboot)

Sources

Drew from these

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment